Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-3358

Опубликовано: 16 июл. 2020
Источник: nvd
CVSS3: 8.6
CVSS2: 7.8
EPSS Низкий

Описание

A vulnerability in the Secure Sockets Layer (SSL) VPN feature for Cisco Small Business RV VPN Routers could allow an unauthenticated, remote attacker to cause the device to unexpectedly restart, causing a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request over an SSL connection to the targeted device. A successful exploit could allow the attacker to cause a reload, resulting in a DoS condition.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:cisco:rv340_dual_wan_gigabit_vpn_router_firmware:*:*:*:*:*:*:*:*
Версия до 1.0.03.18 (исключая)
cpe:2.3:h:cisco:rv340_dual_wan_gigabit_vpn_router:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware:*:*:*:*:*:*:*:*
Версия до 1.0.03.18 (исключая)
cpe:2.3:h:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router:-:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

cpe:2.3:o:cisco:rv345_dual_wan_gigabit_vpn_router_firmware:*:*:*:*:*:*:*:*
Версия до 1.0.03.18 (исключая)
cpe:2.3:h:cisco:rv345_dual_wan_gigabit_vpn_router:-:*:*:*:*:*:*:*
Конфигурация 4

Одновременно

cpe:2.3:o:cisco:rv345p_dual_wan_gigabit_poe_vpn_router_firmware:*:*:*:*:*:*:*:*
Версия до 1.0.03.18 (исключая)
cpe:2.3:h:cisco:rv345p_dual_wan_gigabit_poe_vpn_router:-:*:*:*:*:*:*:*

EPSS

Процентиль: 42%
0.00201
Низкий

8.6 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-20
CWE-20

Связанные уязвимости

github логотип

GHSA-rjmm-h25r-cqxf

github
больше 3 лет назад

A vulnerability in the Secure Sockets Layer (SSL) VPN feature for Cisco Small Business RV VPN Routers could allow an unauthenticated, remote attacker to cause the device to unexpectedly restart, causing a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request over an SSL connection to the targeted device. A successful exploit could allow the attacker to cause a reload, resulting in a DoS condition.

fstec логотип

BDU:2020-03410

CVSS3: 8.6
fstec
больше 5 лет назад

Уязвимость реализации функции VPN Secure Sockets Layer (SSL) микропрограммного обеспечения маршрутизаторов Cisco Small Business RV340, Cisco Small Business RV340W, Cisco Small Business RV345 и Cisco Small Business RV345P, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 42%
0.00201
Низкий

8.6 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-20
CWE-20